If deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today’s business environments. Below are top 10 benefits for those considering encryption.

Security professionals today identify lack of qualified talent and lack of organizational funding as a key problem to their daily job; which probably implies that they are doing what they can with what they have; which likely may not meet expectations...

Paul “Prem” Sobel is a Cal Tech MS in electrical engineering and has dedicated a 40-year career to protecting mission-critical systems. He worked with IBM, NASA, Northrop and Intel before launching MerlinCryption LLC. In this edited interview, Sobel discusses security technologies and critical infrastructure vulnerabilities...

There are improvements you can introduce that are seamless, low-cost , don't present a new burden to your users, and/or are easy to implement. So in between your major IT Security projects that may or may not happen, why not improve you security posture and lower your overall risks?

Key management is one of the most important aspects of cryptography and often the most difficult. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the cryptosystem...

Full Disk Encryption (FDE) is one of the best ways you can ensure all of the private information on your laptop stays private in case it's lost, seized, stolen, or if you choose to sell or give away your computer in the future. This feature has been built-in to many GNU/Linux distributions, including Ubuntu...

Amusingly, the plugin’s flood of attention means it is already racking up quite the bug count. For example, it does not currently do any NSFW prevention, and the results are returned in plaintext also. Have fun explaining that one to the ol’ boss-a-roni...

We released version 3.0 of HTTPS Everywhere, which adds encryption protection to 1,500 more websites, twice as many as previous stable releases. Our current estimate is that HTTPS Everywhere 3 should encrypt at least a hundred billion page views in the next year, and trillions of individual HTTP requests...

I recently wrote a piece for the BBC in which I tried to explain why steganography (as opposed to cryptography) posed a threat. Or least it might. The trouble is we don't really know, and the default position has been to assume that because we haven't discovered it being used en masse the threat is negligible...

For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...

The fact that usernames and passwords were being logged to a plaintext file itself is problematic, even if the passwords are being hashed when stored in a database, if such data is logged in plain text it defeats the entire purpose...

First you have to get rid of all other services. That’s harder than you would first assume, because you have to admin the box some how. You could toss SSH on a really high port, or have some kind of backend management, or just remove things from running on a multi-IP’d box...

Rather than waiting for bad legislation, Wikipedians should take this opportunity to make one relatively small technical change that could serve as a bulwark against all kinds of government surveillance, filtering and data retention laws...

A recently released article explains in detail how to crack MS-CHAPv2 communication used in many PPTP based VPNs with a 100% success rate. But that is not all, the protocol is also used in WPA2 enterprise environments for connecting to Radius authentication servers. Ouch...